Does Vista Kill Third-Party Disk Encryption?

analysis
Nov 8, 2006


I’m dinging away at a hands-on of the Vista RTM release, but figured I’d hit this topic now because I’ve had some reader inquiries.

Vista has a new system accessory, a drive encryption utility called BitLocker. It’s not part of the integrated package unless you opt for the Enterprise or Ultimate SKUs, but for those, BitLocker offers encrypted volumes (whole partitions, not individual folders), with recovery information that can be backed up to Active Directory and a partition layout that can be baked into a WIM image. Nice way to be able to spread out a secure desktop right off the image stage.

Only issue for IT admins looking to use BitLocker is that, much like the rest of Vista, it wants new hardware. Specifically, it’s looking for an implementation of the Trusted Platform Module 1.2, which lives at the chip level on the motherboard. A TPM is a hardware chip that generates and stores cryptographic keys and records measurements of the code that runs at boot; BitLocker uses those measurements to decide whether to release the volume key, so a tampered boot loader gets a recovery prompt instead of a running Windows. IBM’s (Lenovo’s) was the last one I saw and they’re pretty solid.

New notebooks are coming out with TPM 1.2 chips on their motherboards and chipsets, though it’s still something you should look for if you’re about to buy a small fleet of new Vistabooks. Not guaranteed to be there, and even when it is, check that the BIOS lets you enable and activate it, because BitLocker setup will not proceed on a TPM that is present but switched off.

You can run BitLocker without a TPM, but then you’re forcing your users to carry the startup key on a USB flash drive, and you lose the boot-integrity check: the USB key only proves possession, not that the boot code is untouched. More complexity: the system is going to want to read that key before Windows starts, so the BIOS needs to be able to read USB storage during boot. That’s yet another thing to check before buying your new Vistabox. On Vista it also takes a Group Policy change (the BitLocker setting “Control Panel Setup: Enable advanced startup options”) before the setup wizard will go ahead on a machine with no TPM.

BitLocker setup is pretty easy, but surprising in some aspects. For one, it wanted to default direct to an encrypted partition. Not just an encrypted folder or set of folders. I tried making the partition as small as possible, but the smallest seems to be 1.5GB. According to the Microsoft BitLocker notes I finally found, this small partition stores all the boot materials: it stays unencrypted and holds the boot loader and the code that asks the TPM or USB key for the volume key, and it has to stay in the clear because nothing can decrypt the rest of the disk until that code has run. The other partition, the one that actually gets encrypted, is where everything else sits: Vista, data, MP3s, stolen credit card data, whatever.

Again, pretty simple, but you need to settle the partition layout prior to installing Vista; otherwise you’ll need to repartition after installation. Time consuming and a pain in the booty. Best to make this part of an OS image and distribute it that way.

Do that, and BitLocker can also talk to Active Directory: with the matching Group Policy setting turned on, each machine backs up its recovery password (and, on TPM machines, the TPM owner information) to its own computer object when BitLocker is enabled, so the help desk can unlock a drive after a motherboard swap or a lost USB key without anyone having kept a paper copy. AD does not hand out the encryption keys at signon; the volume is unlocked by the TPM or the USB key before Windows ever reaches the logon screen. One caveat: a Windows Server 2003 domain needs a schema extension before those attributes exist. Overall a pretty sophisticated setup. And it works on whole volumes, the OS volume first and foremost, rather than on individual files.
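As an added example (not from the original column, and not Microsoft’s code), here is a PowerShell pre-flight script that runs the checks from the TPM, USB-key, partition and Active Directory paragraphs above on a candidate machine or freshly imaged box: is a TPM 1.2 present, enabled and activated; does policy allow a USB startup key if it is not; is there a separate, active system partition of at least 1.5GB distinct from the Windows volume; is recovery-password backup to AD switched on; and do any already-protected volumes actually have a recovery password protector. It assumes an elevated PowerShell 1.0 session on Vista Enterprise or Ultimate. The WMI classes are the Vista TPM and BitLocker providers; the value names under HKLM\SOFTWARE\Policies\Microsoft\FVE are the ones the BitLocker Group Policy template writes, so treat them as assumptions if your templates differ. The script only reads state; it never turns BitLocker on.

```powershell
# Added example for this column (not Microsoft's code). Read-only pre-flight check for
# BitLocker on Vista. Assumes elevated PowerShell 1.0 on Vista Enterprise/Ultimate.
# The FVE registry value names are assumed from the BitLocker Group Policy template.

function Get-TpmState {
    # Win32_Tpm lives in its own namespace; a box with no TPM 1.2 returns nothing.
    $ErrorActionPreference = "SilentlyContinue"   # scoped to this function
    $tpm = Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftTpm" -Class Win32_Tpm
    if ($null -eq $tpm) { return @{ Present = $false } }
    return @{
        Present   = $true
        Version   = $tpm.SpecVersion                 # e.g. "1.2, 2, 3"
        Enabled   = $tpm.IsEnabled().IsEnabled       # switched on in the BIOS
        Activated = $tpm.IsActivated().IsActivated   # activated in the BIOS
        Owned     = $tpm.IsOwned().IsOwned           # ownership taken (BitLocker setup does this)
    }
}

function Get-BootLayout {
    # The active partition (where the BIOS boots) must hold only the boot files, be at
    # least 1.5 GB, and not be the partition Windows itself lives on.
    $minSystemBytes = 1500MB
    $windowsDrive   = $env:SystemDrive            # usually "C:"
    $result = @{ SeparateSystemPartition = $false; SystemPartitionBigEnough = $false }
    foreach ($part in Get-WmiObject -Class Win32_DiskPartition) {
        if (-not $part.BootPartition) { continue }
        $result.SystemPartitionBytes     = [uint64]$part.Size
        $result.SystemPartitionBigEnough = ([uint64]$part.Size -ge $minSystemBytes)
        $letters = @($part.GetRelated("Win32_LogicalDisk") | ForEach-Object { $_.DeviceID })
        $result.SystemPartitionDrives    = $letters
        # A hidden system partition has no letter and therefore cannot be the Windows drive.
        $result.SeparateSystemPartition  = ($letters -notcontains $windowsDrive)
    }
    return $result
}

function Get-BitLockerPolicy {
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"   # assumed policy key
    $policy = @{ NoTpmAllowed = $false; AdBackup = $false; AdBackupRequired = $false }
    if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        # "Control Panel Setup: Enable advanced startup options" -> USB key without TPM
        $policy.NoTpmAllowed     = ($p.EnableBDEWithNoTPM -eq 1)
        # "Turn on BitLocker backup to Active Directory Domain Services"
        $policy.AdBackup         = ($p.ActiveDirectoryBackup -eq 1)
        $policy.AdBackupRequired = ($p.RequireActiveDirectoryBackup -eq 1)
    }
    return $policy
}

function Test-HasProtector($vol, $type) {
    # Key protector types: 1 = TPM, 2 = external key (USB startup key), 3 = numerical
    # password (the recovery password that AD backup escrows).
    $ids = $vol.GetKeyProtectors($type).VolumeKeyProtectorID
    if ($null -eq $ids) { return $false }
    return (@($ids).Count -gt 0)
}

function Get-BitLockerVolumes {
    $ErrorActionPreference = "SilentlyContinue"
    $vols = Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftVolumeEncryption" `
                          -Class Win32_EncryptableVolume
    $out = @()
    foreach ($v in $vols) {
        # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (e.g. a locked volume)
        $status = $v.GetProtectionStatus().ProtectionStatus
        $out += @{
            Drive        = $v.DriveLetter
            Protected    = ($status -eq 1)
            TpmProtector = (Test-HasProtector $v 1)
            UsbProtector = (Test-HasProtector $v 2)
            RecoveryPwd  = (Test-HasProtector $v 3)
        }
    }
    return $out
}

function Test-BitLockerReadiness {
    $tpm = Get-TpmState; $layout = Get-BootLayout; $policy = Get-BitLockerPolicy
    $findings = @()
    if (-not $tpm.Present) {
        if ($policy.NoTpmAllowed) {
            $findings += "No TPM 1.2: a USB startup key is required, so the BIOS must read USB before boot."
        } else {
            $findings += "No TPM 1.2 and policy does not allow BitLocker without one."
        }
    } elseif (-not ($tpm.Enabled -and $tpm.Activated)) {
        $findings += "TPM present but not enabled and activated in the BIOS."
    }
    if (-not $layout.SeparateSystemPartition) {
        $findings += "Windows sits on the active partition; repartition for a separate system partition."
    } elseif (-not $layout.SystemPartitionBigEnough) {
        $findings += "System partition is under 1.5 GB."
    }
    if (-not $policy.AdBackup) {
        $findings += "Recovery passwords are not backed up to AD; recovery will depend on copies users keep."
    }
    foreach ($vol in Get-BitLockerVolumes) {
        if ($vol.Protected -and -not $vol.RecoveryPwd) {
            $findings += ("Volume {0} is protected but has no recovery password protector." -f $vol.Drive)
        }
    }
    if ($findings.Count -eq 0) { $findings += "Ready: TPM, partition layout and policy all check out." }
    return $findings
}

Test-BitLockerReadiness
```

The one thing the script cannot verify is whether the BIOS will actually read the USB key at boot; that stays a hands-on test with the drive plugged in. For a quick look at the same volume status without PowerShell, Vista ships a script you can run as `cscript %SystemRoot%\System32\manage-bde.wsf -status`.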

No, I haven’t tested it yet to get an idea of system overhead or whether it works reliably for the road warrior set. Work on that over time. Even so, I’ve got to say that the partition installation piece means that certain third-party disk encryption products still have a future. TrueCrypt or Cryptainer, for example, simply create an encrypted file container protected by a passphrase you choose, with no special partition layout, no TPM and no repartitioning. The trade-off is that a container only protects what you put in it: the Windows installation, the page file and the hibernation file stay in the clear, and the strength of the whole thing rests on the passphrase. More individual, but definitely quicker on the setup front. Plus, they’re free just like BitLocker.

On the other hand, for SMBs looking to centrally manage a whole series of encrypted drives, BitLocker offers a lot of sophistication right there in the OS.